www1.davisonbarker.pro/pushredirect/?network=3&site=adfly&ppi=4927878&pci=6962411507&t=1670163982&dest=https://gitlab.com/Trafalcraft/antiRedstoneClock/-/releases/1.5.0
172.67.186.48 200 OK 2.5 kB URL HTTP/1.1 www1.davisonbarker.pro/pushredirect/?network=3&site=adfly&ppi=4927878&pci=6962411507&t=1670163982&dest=https://gitlab.com/Trafalcraft/antiRedstoneClock/-/releases/1.5.0
IP 172.67.186.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1021)
Hash 7ff1ac6df77150ffe518720713e58148
6a4b3ebc7c0abb48d2edbb530259475af238250b
33bcaa51803d7a37b993ee0201ac76dcd9ce60ea25484f8af84767a85c2051ae
GET /pushredirect/?network=3&site=adfly&ppi=4927878&pci=6962411507&t=1670163982&dest=https://gitlab.com/Trafalcraft/antiRedstoneClock/-/releases/1.5.0 HTTP/1.1
Host: www1.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 14:27:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www1.davisonbarker.pro
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pCkvofMzvFTw4Uh4IrEmH8ydnrbKM%2BMEyGkW3%2FPlDOEROx%2BVFWwOBpivHtH%2B3beF2gj0sxGOU3PLIK7NzbqCrDXDhEHDYHXmH96NN%2BRz4szx7xU95UdM7xYlYPuskJKN9TQfiT8BpL9r"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 774539101fc3b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18533
Expires: Sun, 04 Dec 2022 19:36:20 GMT
Date: Sun, 04 Dec 2022 14:27:27 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5729
Cache-Control: max-age=164359
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 14:27:27 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 12:06:46 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 14:20:07 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 440
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5505
Expires: Sun, 04 Dec 2022 15:59:12 GMT
Date: Sun, 04 Dec 2022 14:27:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Zd6Os+xv95keFevUThFankVdeg0iRexgnKMAyGAJ5GCWN2NP7amGGGJEyiiVNIurJdW0sYwSbjM=
x-amz-request-id: 1QYHHPPH98VJDZZJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 13:47:34 GMT
age: 2393
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 14:27:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www1.davisonbarker.pro/static/image/logo.png
172.67.186.48 200 OK 11 kB URL HTTP/1.1 www1.davisonbarker.pro/static/image/logo.png
IP 172.67.186.48:0
File type PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a
GET /static/image/logo.png HTTP/1.1
Host: www1.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.davisonbarker.pro/pushredirect/?network=3&site=adfly&ppi=4927878&pci=6962411507&t=1670163982&dest=https://gitlab.com/Trafalcraft/antiRedstoneClock/-/releases/1.5.0
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 14:27:27 GMT
Content-Type: image/png
Content-Length: 10726
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 14:08:39 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b4021a56880f53fc;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 1128
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4XT6ouB1F0zA4la73u8e92LKnknixnKX8Ox9WJV0PDZdwijMHtp%2Bzfm9NBlCVA1g2ROPHKS8Z%2BQDcreObnsAU1%2BbcKX5Af2Ge3yWewH7vP9DUtCQ2c%2Ff%2FNc4HCVUXaNDVQ3NayBmxom4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77453913ac58b4ff-OSL
alt-svc: h2=":443"; ma=60
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.39 200 OK 50 kB URL HTTP/1.1 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.39:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash bc7e73d8f07057a8e8485e42da7cc9a3
1444497a189b0db70828cd1545e62f84077c393b
cb6ff93dc76500ac9bd3f2163392a5066ab4d7f2ea19df70383ef43da83f9e3e
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.davisonbarker.pro/
HTTP/1.1 200 OK
Content-Length: 50246
Connection: keep-alive
Date: Sun, 04 Dec 2022 14:27:28 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8RmBqGCYOJVE9DxBh72iUT9PL6DcTB2Lh437wWY_DeDL5nHGkqBljA==
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 14:27:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 14:27:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www1.davisonbarker.pro/am-push-cps.js?puid=4927878&clickid=4927878_4366373&allb=https%3A%2F%2Fgitlab.com%2FTrafalcraft%2FantiRedstoneClock%2F-%2Freleases%2F1.5.0&ob=https%3A%2F%2Fwww63.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&clb=https%3A%2F%2Fwww63.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&asb=https%3A%2F%2Fgitlab.com%2FTrafalcraft%2FantiRedstoneClock%2F-%2Freleases%2F1.5.0
172.67.186.48200 OK 40 kB URL HTTP/1.1 www1.davisonbarker.pro/am-push-cps.js?puid=4927878&clickid=4927878_4366373&allb=https%3A%2F%2Fgitlab.com%2FTrafalcraft%2FantiRedstoneClock%2F-%2Freleases%2F1.5.0&ob=https%3A%2F%2Fwww63.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&clb=https%3A%2F%2Fwww63.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&asb=https%3A%2F%2Fgitlab.com%2FTrafalcraft%2FantiRedstoneClock%2F-%2Freleases%2F1.5.0
IP 172.67.186.48:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 845473a7fd284503f57855602add14fd
2974d9f2091d778fb076ebda7e908a1a029e38e5
7763be30b9a78bac4c785a49b0ee887135f9c2185689e8a31f630adfd26506ff
GET /am-push-cps.js?puid=4927878&clickid=4927878_4366373&allb=https%3A%2F%2Fgitlab.com%2FTrafalcraft%2FantiRedstoneClock%2F-%2Freleases%2F1.5.0&ob=https%3A%2F%2Fwww63.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&clb=https%3A%2F%2Fwww63.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&asb=https%3A%2F%2Fgitlab.com%2FTrafalcraft%2FantiRedstoneClock%2F-%2Freleases%2F1.5.0 HTTP/1.1
Host: www1.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.davisonbarker.pro/pushredirect/?network=3&site=adfly&ppi=4927878&pci=6962411507&t=1670163982&dest=https://gitlab.com/Trafalcraft/antiRedstoneClock/-/releases/1.5.0
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 14:27:28 GMT
Content-Type: application/x-javascript
Content-Length: 40440
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 14:27:28 GMT
last-modified: Mon, 08 Aug 2022 14:16:52 GMT
etag: "19284-62f11ad4-dcbd68a41223eabf;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=03ItNqAQy8dP6drQS6hC4LJAY1%2BTRh6N2IAguwhclIsnIVnyhGt77jDHPoOlukei59Ha4Rt4sGRspfc1HwN01Y%2FZY8Z5VCJjXdDh%2Fj265oTw8HaFCL%2FitO%2FOruD2jikKjfDd8Fgu4N%2B2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77453913ae65b4ee-OSL
alt-svc: h2=":443"; ma=60
lassistslegisten.com/QkNzeWMjIRAUXCN+EV8WMC9OXFEEZkE/ByF2GEEFJXYaFgB6MF0aDy02Fx8RLS0HVw0nN1ZLJQAWHwkMGxcyAS0TGjs9Ghs5Nz8UCxo0TAAUJD1JLgAwPCEKCC0yAS0XBCEsJgFyKi0gKXclKgkYLSQ8ByEOCSgzGgEqSi0DNxA4OxN0NzguDBkdDgAHFUtMOTpzIy8nIXsyKFoUDR0OBwMCQ1xRBA0hMCoaB0dONxQNQSNQEBohOCkrIBtBKhopKkgrOgolICQtBDUrNSUiHxUxCi45XFEEFAo0NRsEHB8gBHYYGwhzEBAXBy0UMRIkGC1KGyo6FRQYC28sKz80ByEkLyYEJTQJIRACORAzE3MwLhlzZkE/NCsgMCAONhomKCUrIkNINwMHIgMkJREkKTAIDSZKOSgiH0gzAwsiDzUUAlUTEC0tA0QIMCc4Ng8oJTIp
13.33.141.43200 OK 1.2 kB URL HTTP/1.1 lassistslegisten.com/QkNzeWMjIRAUXCN+EV8WMC9OXFEEZkE/ByF2GEEFJXYaFgB6MF0aDy02Fx8RLS0HVw0nN1ZLJQAWHwkMGxcyAS0TGjs9Ghs5Nz8UCxo0TAAUJD1JLgAwPCEKCC0yAS0XBCEsJgFyKi0gKXclKgkYLSQ8ByEOCSgzGgEqSi0DNxA4OxN0NzguDBkdDgAHFUtMOTpzIy8nIXsyKFoUDR0OBwMCQ1xRBA0hMCoaB0dONxQNQSNQEBohOCkrIBtBKhopKkgrOgolICQtBDUrNSUiHxUxCi45XFEEFAo0NRsEHB8gBHYYGwhzEBAXBy0UMRIkGC1KGyo6FRQYC28sKz80ByEkLyYEJTQJIRACORAzE3MwLhlzZkE/NCsgMCAONhomKCUrIkNINwMHIgMkJREkKTAIDSZKOSgiH0gzAwsiDzUUAlUTEC0tA0QIMCc4Ng8oJTIp
IP 13.33.141.43:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 1bcd662697f4e1e0dfa4b7144f13420e
47622e38a9ea899ce20961aada9652b512f5c781
0772ddb13928874057157b4cf38a80c3f4d0e696d40a5ca637151971be5224f8
GET /QkNzeWMjIRAUXCN+EV8WMC9OXFEEZkE/ByF2GEEFJXYaFgB6MF0aDy02Fx8RLS0HVw0nN1ZLJQAWHwkMGxcyAS0TGjs9Ghs5Nz8UCxo0TAAUJD1JLgAwPCEKCC0yAS0XBCEsJgFyKi0gKXclKgkYLSQ8ByEOCSgzGgEqSi0DNxA4OxN0NzguDBkdDgAHFUtMOTpzIy8nIXsyKFoUDR0OBwMCQ1xRBA0hMCoaB0dONxQNQSNQEBohOCkrIBtBKhopKkgrOgolICQtBDUrNSUiHxUxCi45XFEEFAo0NRsEHB8gBHYYGwhzEBAXBy0UMRIkGC1KGyo6FRQYC28sKz80ByEkLyYEJTQJIRACORAzE3MwLhlzZkE/NCsgMCAONhomKCUrIkNINwMHIgMkJREkKTAIDSZKOSgiH0gzAwsiDzUUAlUTEC0tA0QIMCc4Ng8oJTIp HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1186
Connection: keep-alive
Date: Sun, 04 Dec 2022 14:27:28 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 de5c91e6083c20494d32dc8ebe4b652c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CPH50-C2
X-Amz-Cf-Id: NZ7AgERKsf91TJjIhr-BSGHZEW-hhQGOkn4daEE4sKcANv91gnfTXg==
lynormationpas.com/eGdzQUlXWBAydC4KRhErMC0bGREiPiJzCxwCJXgLISEpeRFIJlU1IBxaS3N9TFBAZzkRA05ye14UByA9DRROc3lIUFUoJx4ITnNvDlpDb3FWVkBveV4STnBvDBcSJnRJQQM1PRRaQnd+SFZFdXlMUkt3fA
104.21.53.208 204 No Content 0 B URL HTTP/2 lynormationpas.com/eGdzQUlXWBAydC4KRhErMC0bGREiPiJzCxwCJXgLISEpeRFIJlU1IBxaS3N9TFBAZzkRA05ye14UByA9DRROc3lIUFUoJx4ITnNvDlpDb3FWVkBveV4STnBvDBcSJnRJQQM1PRRaQnd+SFZFdXlMUkt3fA
IP 104.21.53.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eGdzQUlXWBAydC4KRhErMC0bGREiPiJzCxwCJXgLISEpeRFIJlU1IBxaS3N9TFBAZzkRA05ye14UByA9DRROc3lIUFUoJx4ITnNvDlpDb3FWVkBveV4STnBvDBcSJnRJQQM1PRRaQnd+SFZFdXlMUkt3fA HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 14:27:28 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJlM1vRxOmYZtc3vs6zyraNVUSmABOsCAUUX7k6zscTiUV1F9ZtOl%2BEwFBpD6J8JKDpzBDEtxeknB0cBQK7ZbtOU2kjeKSIHrpQrLDfO933KriUffIBWaJeKHUxW7NTAgXnWvVc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77453915dfcdb4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lynormationpas.com/MHpnczMfRQQADlEACwlldBIEMFhAHSQlA3soMBB/aCshMmlHFUEHWlRHX0EHBE1UVUNZHlpAARYJExJHRQlaQhVZFAEcDhYMWkMdCFRWQB0AXBJOAhYOFxJUDUtBA0dEFlpCBQdKVkUHAE5SSwUB
104.21.53.208 204 No Content 0 B URL HTTP/2 lynormationpas.com/MHpnczMfRQQADlEACwlldBIEMFhAHSQlA3soMBB/aCshMmlHFUEHWlRHX0EHBE1UVUNZHlpAARYJExJHRQlaQhVZFAEcDhYMWkMdCFRWQB0AXBJOAhYOFxJUDUtBA0dEFlpCBQdKVkUHAE5SSwUB
IP 104.21.53.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MHpnczMfRQQADlEACwlldBIEMFhAHSQlA3soMBB/aCshMmlHFUEHWlRHX0EHBE1UVUNZHlpAARYJExJHRQlaQhVZFAEcDhYMWkMdCFRWQB0AXBJOAhYOFxJUDUtBA0dEFlpCBQdKVkUHAE5SSwUB HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 14:27:28 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2qJeVWEKlTx%2BaL1oivWF3yLDWKF5gFlj4K1f2U%2FcqdC2ZhC75yFjpSB0FQIVUssw%2BEpA7VP7P3oScxCzkneUbbGqVtDTB5qbr06HF9v0sRoObWjeLoNS1g4SSZJyiezvWbukfI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77453915dfc6b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 14:08:58 GMT
cache-control: public,max-age=3600
age: 1110
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 14:27:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5715
Cache-Control: max-age=159278
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 14:27:28 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:42:06 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5e178f3b526edee352d9b28af2257f11
07b38a86e9afe9a3aa168eacb99ae717d54829f4
d9ecd0706d265906b70d78272c9ddeec7bc96e61f7e5554372d08e019a91e4ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D9ECD0706D265906B70D78272C9DDEEC7BC96E61F7E5554372D08E019A91E4CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9122
Expires: Sun, 04 Dec 2022 16:59:30 GMT
Date: Sun, 04 Dec 2022 14:27:28 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5e178f3b526edee352d9b28af2257f11
07b38a86e9afe9a3aa168eacb99ae717d54829f4
d9ecd0706d265906b70d78272c9ddeec7bc96e61f7e5554372d08e019a91e4ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D9ECD0706D265906B70D78272C9DDEEC7BC96E61F7E5554372D08E019A91E4CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9122
Expires: Sun, 04 Dec 2022 16:59:30 GMT
Date: Sun, 04 Dec 2022 14:27:28 GMT
Connection: keep-alive
ndandinter.hair/UTF4U1IqEwskDSRDFHFoc1kMJyJrHlckJSYAVjczJ1gLPDwzUAo4NyMfCCE9flAVfiIkQhB%2BMSFCVjkhbkENOjZsBUFhZWkGQHUxPVgbODs1DExqYGYJT2sNZQJOZWFmAl4yPj1TRTsmJUELdmEQFEoVd2N3HzomPVAafTE%2BXF1hFAVDGTUzPVIKMjQlFEoVMz9FEQE3NUIMPDw0chQ8MToUShV%2FdAM%2BITc9VBkgNyIUShVjfwRWY3Q%2BU0U7JiVBC3ZhEBRKFXdjdw8kJWcCVjczJ1gLPDwzUAo4NyMfCCE9dAM%2BIyciWQo2NjhDHTAmdAM%2BdmEXRRUjd2J1SXZgZ18dJyU%2BQxN2YRUCXWFkOF4LdmEVAV1hZCJYDDZ3YnUZNzQ9SF1hZDIUSxdjdANOIyI4FEsXZmgDT2tlaRRKZSIyWF1gFmcITmFmYABNY2V0A04nd2J1SWVlYQBOYGtpA11hZDVUCyd3YnUQJyYhQl1hZ2JwXWFnY3ddYWdjdx86Jj1QGn0xPlxdYWdjdywhMzdQFDAgMFcMdmBkAz4yPCVYKjY2IkUXPTcSXRcwOXQDTWEUfBRKZmAXQx0%2FNzBCHSB3YwRKFWN%2FBFZjdDJdGm46JUUIIHdicF1hFHQDPiQlJgdLfTYwRxEgPT9TGSE5NENWIyA%2BFEoVIiRCECE3NVgKNjElFEoVd2J3DD4idAI8YXdjBxY2JiZeCjh3YnVLdmBnWBcgd2J1SHZgZ0IRJzd0AjwyNjddAXZgZ1JdYBZgFEplIiFYXWAWZQhKZGpmCV1hZCFSEXZhFQdBZWBlAElmYmYUSmUmdAI8YmRmAUllYWgJSnZgZ1UdICZ0Ajw7JiVBC3ZgZAI5dmBkAz52YGQDPjQ7JV0ZMXwyXhV2YGQDPgcgMFcZPzEjUB4nd2MEShUzP0URATc1Qgw8PDRyFDwxOhRKZmAXHF1hZ2N3CjY%2BNFALNiF0A01hFGAfTX1id1ALMW85RQwjIXQCOXZgFxRKFTU4RRQyMH9SFz53Y3csITM3UBQwIDBXDHZgF1AWJzsDVBwgJj5fHRA%2BPlITdmAXHF1hFCNUFDYzIlQLdmAXAFZmfGETVHEhPFdaaWN9Ews%2BJHMLWmd8YhNUcSYwVic6NnMLWmtjaQNAZXB9EwsmMA5YHGJwaxNMamBmCU9rcH0TCyYwDlgcYXBrE0xqYGYJT2sNZQJOZWFmAlp%2FcDBdFDFwaxMQJyYhQkJ8fTZYDD8zMx8bPD9%2BZQoyNDBdGyEzN0VXMjwlWCo2NiJFFz03El0XMDl%2BHFchNz1UGSA3Ih5JfWd%2FAVp%2FcD5TWmlwOUUMIyFrHlckJSYHS302MEcRID0%2FUxkhOTRDViMgPh4IJiE5Qx03OyNUGyd9bkUVI29gFxY2JiZeCjhvYhcRPCFsAV4gOyVURTI2N10BdTFsAF4jIjgMTGpgZglPa3QhUhFuZGgHSmdjYARIZHQlDEllZWEATmBraQNeNzciRUU7JiVBC3ZhEBRKFXdjdx86Jj1QGn0xPlxdYRQFQxk1Mz1SCjI0JRRKFTM%2FRREBNzVCDDw8NHIUPDE6FEoVf3QDPiE3PVQZIDciFEoVY38EVmNwfRMbPzBzC1o7JiVBC2l9fkYPJGRiHxwyJDhCFz0wMEMTNiB%2FQQo8fSFECzsgNFURITcyRVdsJjxBRWF0P1QMJD0jWkVgdDheC25id0IRJzdsUBw1PigXG25jd0EIOm9lCEpkamYJXiMxOAxOamRjBUliZ2EGXidvYAdPY2NnAkFrYHdVHSAmbFkMJyIiFEsSd2N3XWEUNlgMPzMzHxs8P3QDPgcgMFcZPzEjUB4nd2N3GT0mOGMdNyElXhY2ET1eGzh3Y3dVdmAXQx0%2FNzBCHSB3Y3dJfWd%2FAVp%2FcDBCGnFoc1kMJyIiC1d8NThFFDIwf1IXPn0FQxk1Mz
1SCjI0JR4ZPSY4Yx03ISVeFjYRPV4bOH18Hgo2PjRQCzYhfgBWZnxhEwU
52.20.131.174502 Bad Gateway 0 B URL HTTP/1.1 ndandinter.hair/UTF4U1IqEwskDSRDFHFoc1kMJyJrHlckJSYAVjczJ1gLPDwzUAo4NyMfCCE9flAVfiIkQhB%2BMSFCVjkhbkENOjZsBUFhZWkGQHUxPVgbODs1DExqYGYJT2sNZQJOZWFmAl4yPj1TRTsmJUELdmEQFEoVd2N3HzomPVAafTE%2BXF1hFAVDGTUzPVIKMjQlFEoVMz9FEQE3NUIMPDw0chQ8MToUShV%2FdAM%2BITc9VBkgNyIUShVjfwRWY3Q%2BU0U7JiVBC3ZhEBRKFXdjdw8kJWcCVjczJ1gLPDwzUAo4NyMfCCE9dAM%2BIyciWQo2NjhDHTAmdAM%2BdmEXRRUjd2J1SXZgZ18dJyU%2BQxN2YRUCXWFkOF4LdmEVAV1hZCJYDDZ3YnUZNzQ9SF1hZDIUSxdjdANOIyI4FEsXZmgDT2tlaRRKZSIyWF1gFmcITmFmYABNY2V0A04nd2J1SWVlYQBOYGtpA11hZDVUCyd3YnUQJyYhQl1hZ2JwXWFnY3ddYWdjdx86Jj1QGn0xPlxdYWdjdywhMzdQFDAgMFcMdmBkAz4yPCVYKjY2IkUXPTcSXRcwOXQDTWEUfBRKZmAXQx0%2FNzBCHSB3YwRKFWN%2FBFZjdDJdGm46JUUIIHdicF1hFHQDPiQlJgdLfTYwRxEgPT9TGSE5NENWIyA%2BFEoVIiRCECE3NVgKNjElFEoVd2J3DD4idAI8YXdjBxY2JiZeCjh3YnVLdmBnWBcgd2J1SHZgZ0IRJzd0AjwyNjddAXZgZ1JdYBZgFEplIiFYXWAWZQhKZGpmCV1hZCFSEXZhFQdBZWBlAElmYmYUSmUmdAI8YmRmAUllYWgJSnZgZ1UdICZ0Ajw7JiVBC3ZgZAI5dmBkAz52YGQDPjQ7JV0ZMXwyXhV2YGQDPgcgMFcZPzEjUB4nd2MEShUzP0URATc1Qgw8PDRyFDwxOhRKZmAXHF1hZ2N3CjY%2BNFALNiF0A01hFGAfTX1id1ALMW85RQwjIXQCOXZgFxRKFTU4RRQyMH9SFz53Y3csITM3UBQwIDBXDHZgF1AWJzsDVBwgJj5fHRA%2BPlITdmAXHF1hFCNUFDYzIlQLdmAXAFZmfGETVHEhPFdaaWN9Ews%2BJHMLWmd8YhNUcSYwVic6NnMLWmtjaQNAZXB9EwsmMA5YHGJwaxNMamBmCU9rcH0TCyYwDlgcYXBrE0xqYGYJT2sNZQJOZWFmAlp%2FcDBdFDFwaxMQJyYhQkJ8fTZYDD8zMx8bPD9%2BZQoyNDBdGyEzN0VXMjwlWCo2NiJFFz03El0XMDl%2BHFchNz1UGSA3Ih5JfWd%2FAVp%2FcD5TWmlwOUUMIyFrHlckJSYHS302MEcRID0%2FUxkhOTRDViMgPh4IJiE5Qx03OyNUGyd9bkUVI29gFxY2JiZeCjhvYhcRPCFsAV4gOyVURTI2N10BdTFsAF4jIjgMTGpgZglPa3QhUhFuZGgHSmdjYARIZHQlDEllZWEATmBraQNeNzciRUU7JiVBC3ZhEBRKFXdjdx86Jj1QGn0xPlxdYRQFQxk1Mz1SCjI0JRRKFTM%2FRREBNzVCDDw8NHIUPDE6FEoVf3QDPiE3PVQZIDciFEoVY38EVmNwfRMbPzBzC1o7JiVBC2l9fkYPJGRiHxwyJDhCFz0wMEMTNiB%2FQQo8fSFECzsgNFURITcyRVdsJjxBRWF0P1QMJD0jWkVgdDheC25id0IRJzdsUBw1PigXG25jd0EIOm9lCEpkamYJXiMxOAxOamRjBUliZ2EGXidvYAdPY2NnAkFrYHdVHSAmbFkMJyIiFEsSd2N3XWEUNlgMPzMzHxs8P3QDPgcgMFcZPzEjUB4nd2N3GT0mOGMdNyElXhY2ET1eGzh3Y3dVdmAXQx0%2FNzBCHSB3Y3dJfWd%2FAV
p%2FcDBCGnFoc1kMJyIiC1d8NThFFDIwf1IXPn0FQxk1Mz1SCjI0JR4ZPSY4Yx03ISVeFjYRPV4bOH18Hgo2PjRQCzYhfgBWZnxhEwU
IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UTF4U1IqEwskDSRDFHFoc1kMJyJrHlckJSYAVjczJ1gLPDwzUAo4NyMfCCE9flAVfiIkQhB%2BMSFCVjkhbkENOjZsBUFhZWkGQHUxPVgbODs1DExqYGYJT2sNZQJOZWFmAl4yPj1TRTsmJUELdmEQFEoVd2N3HzomPVAafTE%2BXF1hFAVDGTUzPVIKMjQlFEoVMz9FEQE3NUIMPDw0chQ8MToUShV%2FdAM%2BITc9VBkgNyIUShVjfwRWY3Q%2BU0U7JiVBC3ZhEBRKFXdjdw8kJWcCVjczJ1gLPDwzUAo4NyMfCCE9dAM%2BIyciWQo2NjhDHTAmdAM%2BdmEXRRUjd2J1SXZgZ18dJyU%2BQxN2YRUCXWFkOF4LdmEVAV1hZCJYDDZ3YnUZNzQ9SF1hZDIUSxdjdANOIyI4FEsXZmgDT2tlaRRKZSIyWF1gFmcITmFmYABNY2V0A04nd2J1SWVlYQBOYGtpA11hZDVUCyd3YnUQJyYhQl1hZ2JwXWFnY3ddYWdjdx86Jj1QGn0xPlxdYWdjdywhMzdQFDAgMFcMdmBkAz4yPCVYKjY2IkUXPTcSXRcwOXQDTWEUfBRKZmAXQx0%2FNzBCHSB3YwRKFWN%2FBFZjdDJdGm46JUUIIHdicF1hFHQDPiQlJgdLfTYwRxEgPT9TGSE5NENWIyA%2BFEoVIiRCECE3NVgKNjElFEoVd2J3DD4idAI8YXdjBxY2JiZeCjh3YnVLdmBnWBcgd2J1SHZgZ0IRJzd0AjwyNjddAXZgZ1JdYBZgFEplIiFYXWAWZQhKZGpmCV1hZCFSEXZhFQdBZWBlAElmYmYUSmUmdAI8YmRmAUllYWgJSnZgZ1UdICZ0Ajw7JiVBC3ZgZAI5dmBkAz52YGQDPjQ7JV0ZMXwyXhV2YGQDPgcgMFcZPzEjUB4nd2MEShUzP0URATc1Qgw8PDRyFDwxOhRKZmAXHF1hZ2N3CjY%2BNFALNiF0A01hFGAfTX1id1ALMW85RQwjIXQCOXZgFxRKFTU4RRQyMH9SFz53Y3csITM3UBQwIDBXDHZgF1AWJzsDVBwgJj5fHRA%2BPlITdmAXHF1hFCNUFDYzIlQLdmAXAFZmfGETVHEhPFdaaWN9Ews%2BJHMLWmd8YhNUcSYwVic6NnMLWmtjaQNAZXB9EwsmMA5YHGJwaxNMamBmCU9rcH0TCyYwDlgcYXBrE0xqYGYJT2sNZQJOZWFmAlp%2FcDBdFDFwaxMQJyYhQkJ8fTZYDD8zMx8bPD9%2BZQoyNDBdGyEzN0VXMjwlWCo2NiJFFz03El0XMDl%2BHFchNz1UGSA3Ih5JfWd%2FAVp%2FcD5TWmlwOUUMIyFrHlckJSYHS302MEcRID0%2FUxkhOTRDViMgPh4IJiE5Qx03OyNUGyd9bkUVI29gFxY2JiZeCjhvYhcRPCFsAV4gOyVURTI2N10BdTFsAF4jIjgMTGpgZglPa3QhUhFuZGgHSmdjYARIZHQlDEllZWEATmBraQNeNzciRUU7JiVBC3ZhEBRKFXdjdx86Jj1QGn0xPlxdYRQFQxk1Mz1SCjI0JRRKFTM%2FRREBNzVCDDw8NHIUPDE6FEoVf3QDPiE3PVQZIDciFEoVY38EVmNwfRMbPzBzC1o7JiVBC2l9fkYPJGRiHxwyJDhCFz0wMEMTNiB%2FQQo8fSFECzsgNFURITcyRVdsJjxBRWF0P1QMJD0jWkVgdDheC25id0IRJzdsUBw1PigXG25jd0EIOm9lCEpkamYJXiMxOAxOamRjBUliZ2EGXidvYAdPY2NnAkFrYHdVHSAmbFkMJyIiFEsSd2N3XWEUNlgMPzMzHxs8P3QDPgcgMFcZPzEjUB4nd2N3GT0mOGMdNyElXhY2ET1eGzh3Y3dVdmAXQx0%2FNzBCHSB3Y3dJfWd%2FAVp%2FcDBCGnFoc1kMJyIiC1d8NThFFDIwf1IXPn0FQxk1Mz1SCjI0JR4ZP
SY4Yx03ISVeFjYRPV4bOH18Hgo2PjRQCzYhfgBWZnxhEwU HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.davisonbarker.pro/
HTTP/1.1 502 Bad Gateway
Server: openresty/1.15.8.3
Date: Sun, 04 Dec 2022 14:27:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: a7bc0580b2f1e11a444caa89bd8e49e3=1; Max-Age=604800
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Requested-With,content-type
dc5k8fg5ioc8s.cloudfront.net/BUlpoYTAxNQYHDyYzDFwIYG5cVgN0MBsOXiJnAxNUGRUEC1YTCk4VSjZnWEdcMzQPXBY3NAtcAXQ7DAMNZnwcEV85Zx0PVDc8AQ9VNnwdAA0/NRIIXD47TVN2Z3RYRAJich8IXjY1HxIVYGoGFRVgallRHmJ/WyMVYGofCF5kbk1ScndoWBkGZn9bIxVgah-oXFWEbWVEFfGpBRAJiPQ0CWz1/WicCYmtYUQFia01TADQzGgRWPSJNU3Zjal1PAHQvVVA
54.230.245.39200 OK 348 B URL HTTP/1.1 dc5k8fg5ioc8s.cloudfront.net/BUlpoYTAxNQYHDyYzDFwIYG5cVgN0MBsOXiJnAxNUGRUEC1YTCk4VSjZnWEdcMzQPXBY3NAtcAXQ7DAMNZnwcEV85Zx0PVDc8AQ9VNnwdAA0/NRIIXD47TVN2Z3RYRAJich8IXjY1HxIVYGoGFRVgallRHmJ/WyMVYGofCF5kbk1ScndoWBkGZn9bIxVgah-oXFWEbWVEFfGpBRAJiPQ0CWz1/WicCYmtYUQFia01TADQzGgRWPSJNU3Zjal1PAHQvVVA
IP 54.230.245.39:0
File type ASCII text, with very long lines (442), with no line terminators
Hash 7cc18e07402b96a0405e43c1669815f6
71af66f4428610de1658e1fcf58645d84c256d78
b1e4083b6ff641accf015fb8567e040ac886b530d619aa6761d12019b93ecdba
Analyzer Verdict Alert fortinet Malware
GET /BUlpoYTAxNQYHDyYzDFwIYG5cVgN0MBsOXiJnAxNUGRUEC1YTCk4VSjZnWEdcMzQPXBY3NAtcAXQ7DAMNZnwcEV85Zx0PVDc8AQ9VNnwdAA0/NRIIXD47TVN2Z3RYRAJich8IXjY1HxIVYGoGFRVgallRHmJ/WyMVYGofCF5kbk1ScndoWBkGZn9bIxVgah-oXFWEbWVEFfGpBRAJiPQ0CWz1/WicCYmtYUQFia01TADQzGgRWPSJNU3Zjal1PAHQvVVA HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lassistslegisten.com/
HTTP/1.1 200 OK
Content-Length: 348
Connection: keep-alive
Date: Sun, 04 Dec 2022 14:27:28 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FdMnlAHaG7xWxqreRZcRkJNb_lUqM3NbPHZZxMqXGlY_v-xmuVT8Mg==
lynormationpas.com/popunder.gif
104.21.53.208 301 Moved Permanently 0 B URL HTTP/1.1 lynormationpas.com/popunder.gif
IP 104.21.53.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.davisonbarker.pro/
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Dec 2022 14:27:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 04 Dec 2022 15:27:28 GMT
Location: https://lynormationpas.com/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wrCdt7CVCvkOCuNG%2F9%2BfbBlxH8Nkh0v%2BaHw22KnIycZyqfjZnCD%2Fi9SFTNwZrrX1TmD0l7eJgW8vrLRPWQNPagpA0uVgqjzs3WLQnT%2BUcO7d0y%2BuS7Cl2igUXtnWiOr9xykCAX8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77453918fce4fab4-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 382092168612cc7cd2801ddb750828ac
aab1eb4b076d323d448bfb46e235c2b391d94b48
ae956b5ed9d95fca5d2c863c5df7e6f5c6e41ad4382e4be7cd843f549cde0ae7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AE956B5ED9D95FCA5D2C863C5DF7E6F5C6E41AD4382E4BE7CD843F549CDE0AE7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9445
Expires: Sun, 04 Dec 2022 17:04:53 GMT
Date: Sun, 04 Dec 2022 14:27:28 GMT
Connection: keep-alive
push.services.mozilla.com/
52.38.227.80 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.227.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UYjr9a2aKDggZ8dblT1QtA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: J6dxTPDmBrwA22J+GELc80buki0=
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 382092168612cc7cd2801ddb750828ac
aab1eb4b076d323d448bfb46e235c2b391d94b48
ae956b5ed9d95fca5d2c863c5df7e6f5c6e41ad4382e4be7cd843f549cde0ae7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AE956B5ED9D95FCA5D2C863C5DF7E6F5C6E41AD4382E4BE7CD843F549CDE0AE7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9444
Expires: Sun, 04 Dec 2022 17:04:53 GMT
Date: Sun, 04 Dec 2022 14:27:29 GMT
Connection: keep-alive
www63.davisonbarker.pro/static/image/logo.png
172.67.186.48 200 OK 11 kB URL HTTP/2 www63.davisonbarker.pro/static/image/logo.png
IP 172.67.186.48:0
File type PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a
GET /static/image/logo.png HTTP/1.1
Host: www63.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www63.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=4927878&pci=6962411507&t=1670163982&dest=https%3A%2F%2Fgitlab.com%2FTrafalcraft%2FantiRedstoneClock%2F-%2Freleases%2F1.5.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 14:27:29 GMT
content-type: image/png
content-length: 10726
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 14:15:13 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b22ed065d915c717;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 712
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YXZeJoNakPRUBXSenynliRinndMO4UIfKq0Dz2RtALN4wuPnSRf4S%2FuEV2qbsy9wRhgQ1lEl9MX1d45skspaxflrk9Xxzfnwp8nIzRkUZww1fCvhiVzay2y7GgwhmKfxMIcbEe%2BTZFAqsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7745391b39f80b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.26 200 OK 50 kB URL HTTP/2 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.26:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash bc7e73d8f07057a8e8485e42da7cc9a3
1444497a189b0db70828cd1545e62f84077c393b
cb6ff93dc76500ac9bd3f2163392a5066ab4d7f2ea19df70383ef43da83f9e3e
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www63.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 50246
date: Sun, 04 Dec 2022 14:27:29 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HscvaM2c97vLA66GxrZV7Mi-Zviw_YY_p5DC7n701RZnYCYA2YS-7A==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 14:27:29 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lynormationpas.com/QmRlb0ltWwYcdAwJKygEBT0kOXp2JTMYGxMANCkeAAgzFQoULUMbICZZXV19dlNWSTkrAFhce2QXEQ49NxdYXm8rCgMAdGQSWF9nekpUXGdyQhBSeGQQFQ4uf1VDHz02CFhef3VUVFl9clBSXntx
104.21.53.208204 No Content 0 B URL HTTP/2 lynormationpas.com/QmRlb0ltWwYcdAwJKygEBT0kOXp2JTMYGxMANCkeAAgzFQoULUMbICZZXV19dlNWSTkrAFhce2QXEQ49NxdYXm8rCgMAdGQSWF9nekpUXGdyQhBSeGQQFQ4uf1VDHz02CFhef3VUVFl9clBSXntx
IP 104.21.53.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /QmRlb0ltWwYcdAwJKygEBT0kOXp2JTMYGxMANCkeAAgzFQoULUMbICZZXV19dlNWSTkrAFhce2QXEQ49NxdYXm8rCgMAdGQSWF9nekpUXGdyQhBSeGQQFQ4uf1VDHz02CFhef3VUVFl9clBSXntx HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www63.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 14:27:29 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJ3JJlpKSp0vwmEs0hL3pRvud6H6dsjOVbTtmeBRYpUKCWQ%2FngfcM%2B1UZyCe3d8FqlToHhpdzg%2BjmVSti7BmwspQnbYcmpUaaEXduSueV%2FiO404%2BTmO6JnVVbDwlLvKHHYIF7IQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7745391d8acab4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 14:27:29 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lassistslegisten.com/Ulp2engzOBUXRzNnFFwNIDZLX0oUf0Q8HDFvHUIeNW8fFRtqKVgZFD0vEhwKPTQCVBY3LlNIPjM+RRIgAGpOLz4oMR4ZOR8IO0kIYQgjAhIxEg4oPTsLGTMpNhw+AhthFzQRSRsgBUw+Ch8MNCocHCxIPTgcHiMPNzcdKT44CEAcFBcAOwMuKwtHThIcIzcZKgETBjEAGz8mExMjH0dOERg0Pxs+K2oDMwAhABUULRgLGiAWCzRHMi0RGwMzKh8CPz4qIwgjHU0faAY8KxUARSMtNj4sOy4jCCMdHx4zMDgsGhBGPi4YESwAQWcLR0sTEA0GPCsRdyMCGTkLQyAWNmwhLxB3aDQjFmMSPgAxORA0EhwICzBDKmI2GB5LZxIlIjJjPA4/KhgJPwo/ExgPHik+HSU9MiI8Rz82MzQvXBIhNRgKRRoKDj0ZMD4CNxU
13.33.141.74200 OK 1.2 kB URL HTTP/2 lassistslegisten.com/Ulp2engzOBUXRzNnFFwNIDZLX0oUf0Q8HDFvHUIeNW8fFRtqKVgZFD0vEhwKPTQCVBY3LlNIPjM+RRIgAGpOLz4oMR4ZOR8IO0kIYQgjAhIxEg4oPTsLGTMpNhw+AhthFzQRSRsgBUw+Ch8MNCocHCxIPTgcHiMPNzcdKT44CEAcFBcAOwMuKwtHThIcIzcZKgETBjEAGz8mExMjH0dOERg0Pxs+K2oDMwAhABUULRgLGiAWCzRHMi0RGwMzKh8CPz4qIwgjHU0faAY8KxUARSMtNj4sOy4jCCMdHx4zMDgsGhBGPi4YESwAQWcLR0sTEA0GPCsRdyMCGTkLQyAWNmwhLxB3aDQjFmMSPgAxORA0EhwICzBDKmI2GB5LZxIlIjJjPA4/KhgJPwo/ExgPHik+HSU9MiI8Rz82MzQvXBIhNRgKRRoKDj0ZMD4CNxU
IP 13.33.141.74:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 48913883edba7e52273a1fb506e490ee
096d2a7683f556a13a60a9ebe74fa4248e861e74
e29276d9c4febcf6561e4dcc84614e5c3e9ca7f45d7d9939a96ba59251c8e0de
GET /Ulp2engzOBUXRzNnFFwNIDZLX0oUf0Q8HDFvHUIeNW8fFRtqKVgZFD0vEhwKPTQCVBY3LlNIPjM+RRIgAGpOLz4oMR4ZOR8IO0kIYQgjAhIxEg4oPTsLGTMpNhw+AhthFzQRSRsgBUw+Ch8MNCocHCxIPTgcHiMPNzcdKT44CEAcFBcAOwMuKwtHThIcIzcZKgETBjEAGz8mExMjH0dOERg0Pxs+K2oDMwAhABUULRgLGiAWCzRHMi0RGwMzKh8CPz4qIwgjHU0faAY8KxUARSMtNj4sOy4jCCMdHx4zMDgsGhBGPi4YESwAQWcLR0sTEA0GPCsRdyMCGTkLQyAWNmwhLxB3aDQjFmMSPgAxORA0EhwICzBDKmI2GB5LZxIlIjJjPA4/KhgJPwo/ExgPHik+HSU9MiI8Rz82MzQvXBIhNRgKRRoKDj0ZMD4CNxU HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www63.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1185
date: Sun, 04 Dec 2022 14:27:29 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 52185ea0de4fc3b9a693955c5e065bbe.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: RnGf4cxVDDRyCQgUM-T7SGTYnaXUbdX2j-SLpl2UkkuK70qKy175bQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4fda3d3345f6c277d30df468121e9205
7bf0de8fef68608026b46c265ed34b73f4080738
90e2a5c8351a750b8ceb35165b1b49cfd4dad25f30fba190dafdbc9df48b6f0b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "90E2A5C8351A750B8CEB35165B1B49CFD4DAD25F30FBA190DAFDBC9DF48B6F0B"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16322
Expires: Sun, 04 Dec 2022 18:59:31 GMT
Date: Sun, 04 Dec 2022 14:27:29 GMT
Connection: keep-alive
dc5k8fg5ioc8s.cloudfront.net/ad3hXR08UFzkhcAMRM3p3RUxjcHxREiQoIQdFHxc3MBk1Izs6FXEzNRNFZ2EjFhYwemkSFjR6flEZMyVyQ14jNyAcRSIpKxIePikqE14iJnIaFy0uIxsZcnUJQlZnYn1HUCAuIRMXIDRqRUg5M2pFSGZ3YUddZAVqRUggLiFBTHJ0DVJKZz95Q11kBWpFSC-UxakQ5Znd6WUh+Yn1HHzIkJBhdZQF9R0lnd35HSXJ1fxERJSIpGABydQlGSGJpf1ENanY
54.230.245.26200 OK 348 B URL HTTP/2 dc5k8fg5ioc8s.cloudfront.net/ad3hXR08UFzkhcAMRM3p3RUxjcHxREiQoIQdFHxc3MBk1Izs6FXEzNRNFZ2EjFhYwemkSFjR6flEZMyVyQ14jNyAcRSIpKxIePikqE14iJnIaFy0uIxsZcnUJQlZnYn1HUCAuIRMXIDRqRUg5M2pFSGZ3YUddZAVqRUggLiFBTHJ0DVJKZz95Q11kBWpFSC-UxakQ5Znd6WUh+Yn1HHzIkJBhdZQF9R0lnd35HSXJ1fxERJSIpGABydQlGSGJpf1ENanY
IP 54.230.245.26:0
File type ASCII text, with very long lines (442), with no line terminators
Hash ada49d0dcfd79a8b0ae3dad2224d8141
2226e83dbab3497258e91429db01aa34825519a3
725d59372245d61f75409ecdd001ea528ed8b59742055e641cba37ce5958dd9b
Analyzer Verdict Alert fortinet Malware
GET /ad3hXR08UFzkhcAMRM3p3RUxjcHxREiQoIQdFHxc3MBk1Izs6FXEzNRNFZ2EjFhYwemkSFjR6flEZMyVyQ14jNyAcRSIpKxIePikqE14iJnIaFy0uIxsZcnUJQlZnYn1HUCAuIRMXIDRqRUg5M2pFSGZ3YUddZAVqRUggLiFBTHJ0DVJKZz95Q11kBWpFSC-UxakQ5Znd6WUh+Yn1HHzIkJBhdZQF9R0lnd35HSXJ1fxERJSIpGABydQlGSGJpf1ENanY HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lassistslegisten.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 348
date: Sun, 04 Dec 2022 14:27:29 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wDbqZIaeaxiCERo2Qs00jO69YSlRVvbNctFFoSGcLMMwJAAR49lyig==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5e178f3b526edee352d9b28af2257f11
07b38a86e9afe9a3aa168eacb99ae717d54829f4
d9ecd0706d265906b70d78272c9ddeec7bc96e61f7e5554372d08e019a91e4ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D9ECD0706D265906B70D78272C9DDEEC7BC96E61F7E5554372D08E019A91E4CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9121
Expires: Sun, 04 Dec 2022 16:59:30 GMT
Date: Sun, 04 Dec 2022 14:27:29 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5e178f3b526edee352d9b28af2257f11
07b38a86e9afe9a3aa168eacb99ae717d54829f4
d9ecd0706d265906b70d78272c9ddeec7bc96e61f7e5554372d08e019a91e4ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D9ECD0706D265906B70D78272C9DDEEC7BC96E61F7E5554372D08E019A91E4CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9121
Expires: Sun, 04 Dec 2022 16:59:30 GMT
Date: Sun, 04 Dec 2022 14:27:29 GMT
Connection: keep-alive
lassistslegisten.com/utx?cb=pjMdrVQJD6bf&top=www63.davisonbarker.pro&tid=824473
13.33.141.74 204 No Content 0 B URL HTTP/2 lassistslegisten.com/utx?cb=pjMdrVQJD6bf&top=www63.davisonbarker.pro&tid=824473
IP 13.33.141.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=pjMdrVQJD6bf&top=www63.davisonbarker.pro&tid=824473 HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www63.davisonbarker.pro
Connection: keep-alive
Referer: https://www63.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 14:27:29 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www63.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 04 Dec 2022 14:28:29 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 52185ea0de4fc3b9a693955c5e065bbe.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: AJOhQK4KP0FJlK1N-DwYD4T6JIAh4XQ6n7jenqazheY_U-Xmp4YcSw==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5e178f3b526edee352d9b28af2257f11
07b38a86e9afe9a3aa168eacb99ae717d54829f4
d9ecd0706d265906b70d78272c9ddeec7bc96e61f7e5554372d08e019a91e4ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D9ECD0706D265906B70D78272C9DDEEC7BC96E61F7E5554372D08E019A91E4CE"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9120
Expires: Sun, 04 Dec 2022 16:59:30 GMT
Date: Sun, 04 Dec 2022 14:27:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7426
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 14:27:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7426
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 14:27:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7426
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 14:27:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kRs3oBWnSs5asyPdvz6kkooy7pqm2Yr8R_2x8EXCVn3dBz_aEJurRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:26:41 GMT
age: 25249
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www63.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=4927878&pci=6962411507&t=1670163982&dest=https%3A%2F%2Fgitlab.com%2FTrafalcraft%2FantiRedstoneClock%2F-%2Freleases%2F1.5.0
172.67.186.48 200 OK 8.0 kB URL HTTP/2 www63.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=4927878&pci=6962411507&t=1670163982&dest=https%3A%2F%2Fgitlab.com%2FTrafalcraft%2FantiRedstoneClock%2F-%2Freleases%2F1.5.0
IP 172.67.186.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1021)
Hash 6c19a7d94db1d1a40f08e50783a94e62
5f9d052ea5dc07639244171f28804c61b7841420
4159f84996cc7e12bb3e015c555661e657771534280714770a8a5a4104dce951
GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=4927878&pci=6962411507&t=1670163982&dest=https%3A%2F%2Fgitlab.com%2FTrafalcraft%2FantiRedstoneClock%2F-%2Freleases%2F1.5.0 HTTP/1.1
Host: www63.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 14:27:29 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www63.davisonbarker.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ob2RJSOB935WUVVUlaSPHqrYZU44APP9%2Ff7ilaoRwdZ9rCHRDZqE0RXDpSJSsjp%2Bh6rD9k4hY7OtNXINgxs%2FOV1uAI9MBRQrb7bAgZuqtKE4aLSnlFx0sn%2BpZL2WOg04esVhceUqo8%2FV7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7745391928530b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6UQ_BhPmpVpe9w6gsExB-EpNq_syeCCK6fr4Y1FFK1jDJh_n1Sd0Eg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:47 GMT
age: 59683
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c1a6f4805f59db44f9d3520d88701a58
6a0258e8c97ce09f1723382c8a16d9682b7dc50c
ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:16:07 GMT
age: 25883
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 60209
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27 200 OK 9.0 kB IP 172.64.173.27:0
File type ASCII text, with no line terminators
Hash 97f56cbeacc9b852a4b72c49ba088d24
c6986757ea9d0dd7a12952a8101b72f495a3c15b
e8d5af85f00bfe7ce4a54d78dad35701b54a40d2771059e0e113124206961f47
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www63.davisonbarker.pro/
Origin: https://www63.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 14:27:30 GMT
content-type: text/plain
set-cookie: csu=2184520607122458@1@1670164050; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www63.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Itu9fBKLL552buCBTXaOwvPq0MuUaWti2BLjaqKnKNbCRuLPinn3TXJEr4gaphAb2qv8MmMxTwtYTTSDdSCNCwGs%2Bviige8fCh3OS50NY76QBHgP0Dkdvzp0%2FrzMNWn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774539206f7f775b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ndandinter.hair/
54.162.51.18 200 OK 0 B IP 54.162.51.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 366
Origin: https://www63.davisonbarker.pro
Connection: keep-alive
Referer: https://www63.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
lassistslegisten.com/floater?cs=NGdJV2YCU3FnVwZUemZWBFF8blI&abt=0&red=1&sm=83&k=&v=0.8.13.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&u=2184520607122458&agec=1670164050&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=173.3102253032929&ref=https%3A%2F%2Fwww63.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&osr=www1.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_qvQk=1670164047759&crc=1
13.33.141.74200 OK 1.2 kB URL HTTP/2 lassistslegisten.com/floater?cs=NGdJV2YCU3FnVwZUemZWBFF8blI&abt=0&red=1&sm=83&k=&v=0.8.13.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&u=2184520607122458&agec=1670164050&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=173.3102253032929&ref=https%3A%2F%2Fwww63.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&osr=www1.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_qvQk=1670164047759&crc=1
IP 13.33.141.74:0
File type ASCII text, with very long lines (1871), with no line terminators
Hash f1fe0f21e4c1752c4547abdc243066b1
22427d6286467455acc970c998ff744e1f167c53
f9fef59de1bba97150b301971bba09ab4e10b27829a0f7bcf1bcfa1e09541de3
GET /floater?cs=NGdJV2YCU3FnVwZUemZWBFF8blI&abt=0&red=1&sm=83&k=&v=0.8.13.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&u=2184520607122458&agec=1670164050&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=173.3102253032929&ref=https%3A%2F%2Fwww63.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&osr=www1.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_qvQk=1670164047759&crc=1 HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www63.davisonbarker.pro
Connection: keep-alive
Referer: https://www63.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1169
date: Sun, 04 Dec 2022 14:27:30 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www63.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=a5b99b7d-6bf2-45d8-a241-fefa7a38edf1
csu=2184520607122458
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 52185ea0de4fc3b9a693955c5e065bbe.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: 9ymHhr0ftJ_Mwdc7Y5xUxMwUKuI7alDj3SaHxYTVaMqgTDKQcEaqSQ==
X-Firefox-Spdy: h2
ndandinter.hair/
54.162.51.18 200 OK 0 B IP 54.162.51.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www63.davisonbarker.pro/
Content-Type: text/plain;charset=UTF-8
Origin: https://www63.davisonbarker.pro
Content-Length: 330
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
ndandinter.hair/
54.162.51.18 200 OK 0 B IP 54.162.51.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www63.davisonbarker.pro/
Content-Type: text/plain;charset=UTF-8
Origin: https://www63.davisonbarker.pro
Content-Length: 334
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.26 200 OK 50 kB URL HTTP/2 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.26:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash bc7e73d8f07057a8e8485e42da7cc9a3
1444497a189b0db70828cd1545e62f84077c393b
cb6ff93dc76500ac9bd3f2163392a5066ab4d7f2ea19df70383ef43da83f9e3e
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www54.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 50246
date: Sun, 04 Dec 2022 14:27:32 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vEXPTvLmSEqes5E-ke-VnI9NgXUCGGIA5lK11bC90muyjR-NMiiQ1g==
X-Firefox-Spdy: h2
lassistslegisten.com/N2VOck1WBy0fclZYLFQ4RQlzV39xQHw0KVRQJUorUFAnHS4PFmARIVgQKhQ/WAs6XCNSEWtAC3wBfjt+YSIfJwFhDjclOnoXG0AhVDcWKwluVCogBnI0eTEqU0B8NB9fXQYiDkQqCjY6DigJOxlmAgNGGAUJGyceAjIBFQN8Pwg7e3VVPggIYzAPNBUPIS0aDH8pGAo9cjclHxhdLAA1HlMxLRoIYAN/HXp/DXoHGk0zDCAcZiYrHh9kBg8WdXIdegEYTRYaMApUIxQzInM/OSQmYTAqAQ8EIxY8GlQjFDAAUikPNCpmMB8zCFo/GzZ+ZiEtJC4GPzlfG1wjKTQjdScYJB8EBhQoCAY2LTMuTSQcIz1gLQglAG8kBigbZS0tBSlbNBskNGIxfiUIXjcXPghxIwwzF1wwGB40cjYIKB9QQyQBIlkVcwMGVC4nSxVvLzwnCg
13.33.141.74200 OK 1.2 kB URL HTTP/2 lassistslegisten.com/N2VOck1WBy0fclZYLFQ4RQlzV39xQHw0KVRQJUorUFAnHS4PFmARIVgQKhQ/WAs6XCNSEWtAC3wBfjt+YSIfJwFhDjclOnoXG0AhVDcWKwluVCogBnI0eTEqU0B8NB9fXQYiDkQqCjY6DigJOxlmAgNGGAUJGyceAjIBFQN8Pwg7e3VVPggIYzAPNBUPIS0aDH8pGAo9cjclHxhdLAA1HlMxLRoIYAN/HXp/DXoHGk0zDCAcZiYrHh9kBg8WdXIdegEYTRYaMApUIxQzInM/OSQmYTAqAQ8EIxY8GlQjFDAAUikPNCpmMB8zCFo/GzZ+ZiEtJC4GPzlfG1wjKTQjdScYJB8EBhQoCAY2LTMuTSQcIz1gLQglAG8kBigbZS0tBSlbNBskNGIxfiUIXjcXPghxIwwzF1wwGB40cjYIKB9QQyQBIlkVcwMGVC4nSxVvLzwnCg
IP 13.33.141.74:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3040), with no line terminators
Hash acae84b60295378a575d231d8710f9f3
99d5b6532cc69014d251826b41155e9fc8e790ca
2284fe7dee1fe0d7ebe4cbfe73344005ce2a9824d80e9632c9da82a3006cdd88
GET /N2VOck1WBy0fclZYLFQ4RQlzV39xQHw0KVRQJUorUFAnHS4PFmARIVgQKhQ/WAs6XCNSEWtAC3wBfjt+YSIfJwFhDjclOnoXG0AhVDcWKwluVCogBnI0eTEqU0B8NB9fXQYiDkQqCjY6DigJOxlmAgNGGAUJGyceAjIBFQN8Pwg7e3VVPggIYzAPNBUPIS0aDH8pGAo9cjclHxhdLAA1HlMxLRoIYAN/HXp/DXoHGk0zDCAcZiYrHh9kBg8WdXIdegEYTRYaMApUIxQzInM/OSQmYTAqAQ8EIxY8GlQjFDAAUikPNCpmMB8zCFo/GzZ+ZiEtJC4GPzlfG1wjKTQjdScYJB8EBhQoCAY2LTMuTSQcIz1gLQglAG8kBigbZS0tBSlbNBskNGIxfiUIXjcXPghxIwwzF1wwGB40cjYIKB9QQyQBIlkVcwMGVC4nSxVvLzwnCg HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www54.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1192
date: Sun, 04 Dec 2022 14:27:32 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 52185ea0de4fc3b9a693955c5e065bbe.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: byVWLIvJGHAilOoODrY8ZIyq_4zXlk4c34dzk3AKyZox7HZo2naZRw==
X-Firefox-Spdy: h2
lassistslegisten.com/utx?cb=n5xT8xvvanqg&top=www54.davisonbarker.pro&tid=824473
13.33.141.74 204 No Content 0 B URL HTTP/2 lassistslegisten.com/utx?cb=n5xT8xvvanqg&top=www54.davisonbarker.pro&tid=824473
IP 13.33.141.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=n5xT8xvvanqg&top=www54.davisonbarker.pro&tid=824473 HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www54.davisonbarker.pro
Connection: keep-alive
Referer: https://www54.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 14:27:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www54.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 04 Dec 2022 14:28:32 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 52185ea0de4fc3b9a693955c5e065bbe.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: JI9gavMCNHdDuoOk8NPnvEA26Uy8HR0iR6ABjZYAVUcdqrmjAs7a0w==
X-Firefox-Spdy: h2
ndandinter.hair/
54.162.51.18 200 OK 0 B IP 54.162.51.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 362
Origin: https://www54.davisonbarker.pro
Connection: keep-alive
Referer: https://www54.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
dc5k8fg5ioc8s.cloudfront.net/Kd0I3VGQULVkyWwMrU2lcRXYDY1dRKEQ7Cgd/Rh8HPCsODDw9MGITQgM4U2lUUS5WOgNKZFI6B0pzETUAFX8DchAHLVxpERkmUjINGSdTchEWf1o7Hh4uWzVBRQQCelRScAd8Ex4sUzsTBGcFZAoDZwVkVUdsB3FXNWcFZBMeLAFgQUQAEmZUD3QDcVc1Zw-VkFgFnBBVVR3cZZE1ScAczARQpWHFWMXAHZVRHcwdlQUVyUT0WEiRYLEFFBAZkUVlyESFZRg
54.230.245.26200 OK 350 B URL HTTP/2 dc5k8fg5ioc8s.cloudfront.net/Kd0I3VGQULVkyWwMrU2lcRXYDY1dRKEQ7Cgd/Rh8HPCsODDw9MGITQgM4U2lUUS5WOgNKZFI6B0pzETUAFX8DchAHLVxpERkmUjINGSdTchEWf1o7Hh4uWzVBRQQCelRScAd8Ex4sUzsTBGcFZAoDZwVkVUdsB3FXNWcFZBMeLAFgQUQAEmZUD3QDcVc1Zw-VkFgFnBBVVR3cZZE1ScAczARQpWHFWMXAHZVRHcwdlQUVyUT0WEiRYLEFFBAZkUVlyESFZRg
IP 54.230.245.26:0
File type ASCII text, with very long lines (444), with no line terminators
Hash c9709e760f7f996b3f29c96295780e5d
d07b70e6448925281c0d57fa0dc0b4f1efed5a31
279364f33b2541bd7661c5122fbacdd902b21ec51b807ef8faa4d156a0eab7c7
Analyzer: fortinet | Verdict: Malware | Alert: (none shown)
GET /Kd0I3VGQULVkyWwMrU2lcRXYDY1dRKEQ7Cgd/Rh8HPCsODDw9MGITQgM4U2lUUS5WOgNKZFI6B0pzETUAFX8DchAHLVxpERkmUjINGSdTchEWf1o7Hh4uWzVBRQQCelRScAd8Ex4sUzsTBGcFZAoDZwVkVUdsB3FXNWcFZBMeLAFgQUQAEmZUD3QDcVc1Zw-VkFgFnBBVVR3cZZE1ScAczARQpWHFWMXAHZVRHcwdlQUVyUT0WEiRYLEFFBAZkUVlyESFZRg HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lassistslegisten.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 350
date: Sun, 04 Dec 2022 14:27:32 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Mp-pJgu1bIUKIQ3A1LThq_FnhLO01XX7EnJ66HY05WL7J0SSbDH2fA==
X-Firefox-Spdy: h2
ablesasmetotr.monster/utx?tid=818286&top=www54.davisonbarker.pro&cb=MO3r2THW1rqX
13.35.8.124 204 No Content 40 kB URL HTTP/2 ablesasmetotr.monster/utx?tid=818286&top=www54.davisonbarker.pro&cb=MO3r2THW1rqX
IP 13.35.8.124:0
Hash eb1de1d520a86891aa1a2d97ed2929f1
178afaaea6397b55007c13b38d34c383d9919b20
621b77439d61c669611ec49ba9390e3538095266377d54ab99bfdda87652b101
GET /utx?tid=818286&top=www54.davisonbarker.pro&cb=MO3r2THW1rqX HTTP/1.1
Host: ablesasmetotr.monster
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www54.davisonbarker.pro
Connection: keep-alive
Referer: https://www54.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 14:27:32 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www54.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 04 Dec 2022 14:28:32 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 203715eee1aff29c3cd146fbb151966c.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN5-C1
x-amz-cf-id: MuG5xsClOwPTmswVDEQQaGqWe5iNLUwDxoJseFm3HJ89NCKit8hagw==
X-Firefox-Spdy: h2
ndandinter.hair/
54.162.51.18 200 OK 0 B IP 54.162.51.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www54.davisonbarker.pro/
Content-Type: text/plain;charset=UTF-8
Origin: https://www54.davisonbarker.pro
Content-Length: 328
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
lassistslegisten.com/floater?cs=Nk52UHUDdkBpRwF2QWdGBXlGYEM&abt=0&red=1&sm=83&k=&v=0.8.13.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&u=-2&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=274.72527472527474&ref=https%3A%2F%2Fwww54.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&osr=www1.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_IUGP=1670164050342&crc=1
13.33.141.74200 OK 104 kB URL HTTP/2 lassistslegisten.com/floater?cs=Nk52UHUDdkBpRwF2QWdGBXlGYEM&abt=0&red=1&sm=83&k=&v=0.8.13.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&u=-2&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=274.72527472527474&ref=https%3A%2F%2Fwww54.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&osr=www1.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_IUGP=1670164050342&crc=1
IP 13.33.141.74:0
Size 104 kB (103684 bytes)
Hash aa9de649d6ae5a85d7175322af627b31
dbe2c956b61e0da41c49e13f1949096584bf5c2c
7952eacb2756a5846044d25e44be6e26dfafa3e43d5334455ef08d7c76e9a510
GET /floater?cs=Nk52UHUDdkBpRwF2QWdGBXlGYEM&abt=0&red=1&sm=83&k=&v=0.8.13.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&u=-2&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=274.72527472527474&ref=https%3A%2F%2Fwww54.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D4927878%26pci%3D6962411507%26t%3D1670163982%26dest%3Dhttps%253A%252F%252Fgitlab.com%252FTrafalcraft%252FantiRedstoneClock%252F-%252Freleases%252F1.5.0&osr=www1.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=td1_oi1_&_IUGP=1670164050342&crc=1 HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www54.davisonbarker.pro
Connection: keep-alive
Referer: https://www54.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1284
date: Sun, 04 Dec 2022 14:27:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www54.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=84c50794-6a81-4582-a70e-58e59d15ac83
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 52185ea0de4fc3b9a693955c5e065bbe.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: gAU7bnaa-Ny-sTq9oHuOt1h6kMnlWtbX0cJu-4CdbedUrevjDOpurw==
X-Firefox-Spdy: h2
ndandinter.hair/
54.162.51.18 200 OK 0 B IP 54.162.51.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www54.davisonbarker.pro/
Content-Type: text/plain;charset=UTF-8
Origin: https://www54.davisonbarker.pro
Content-Length: 340
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c87f8d67cdc5d43a66e60349d7899f9
8fb5404d75ed9a04081d87119dcc14293c079dbe
4e4ff27a24286cbbaf6720678c8718b5c8c6f9779a745aba0d4c401a9eafc027
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4E4FF27A24286CBBAF6720678C8718B5C8C6F9779A745ABA0D4C401A9EAFC027"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5217
Expires: Sun, 04 Dec 2022 15:54:32 GMT
Date: Sun, 04 Dec 2022 14:27:35 GMT
Connection: keep-alive
ndandinter.hair/aGgyQWszSgpwU1pQBGNHSlwLc1xQXwpjR0pcC3NcUF8KHlpcWgN2WFFKHmNSDFsGJAkMWx92W1kMH3UKWV8feFxbWR95XwwMCnkOX1xXcwpKRBAyHEpEEC8PCQZWKAUcDUBvAwkBQGNHSlkCb1lKRFQgBxsNHicKBBtXbQ0JBEEkNg
54.162.51.18200 OK 12 kB URL HTTP/2 ndandinter.hair/aGgyQWszSgpwU1pQBGNHSlwLc1xQXwpjR0pcC3NcUF8KHlpcWgN2WFFKHmNSDFsGJAkMWx92W1kMH3UKWV8feFxbWR95XwwMCnkOX1xXcwpKRBAyHEpEEC8PCQZWKAUcDUBvAwkBQGNHSlkCb1lKRFQgBxsNHicKBBtXbQ0JBEEkNg
IP 54.162.51.18:0
Hash 910ff090c93c29c694cabdcbb58355f8
ae9176f84e1be5ec656d9f98b4b811be74200da9
234d4d9aff3b26b4c8b64090b5d4f5e60eb9d62f272a66b233cd406b78cc3dd0
GET /aGgyQWszSgpwU1pQBGNHSlwLc1xQXwpjR0pcC3NcUF8KHlpcWgN2WFFKHmNSDFsGJAkMWx92W1kMH3UKWV8feFxbWR95XwwMCnkOX1xXcwpKRBAyHEpEEC8PCQZWKAUcDUBvAwkBQGNHSlkCb1lKRFQgBxsNHicKBBtXbQ0JBEEkNg HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www63.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 34803e6eaab423027d25187cd6f075f7=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8007-01zyCBcXjAgFg4vIcAjv92CZDHc"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c87f8d67cdc5d43a66e60349d7899f9
8fb5404d75ed9a04081d87119dcc14293c079dbe
4e4ff27a24286cbbaf6720678c8718b5c8c6f9779a745aba0d4c401a9eafc027
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4E4FF27A24286CBBAF6720678C8718B5C8C6F9779A745ABA0D4C401A9EAFC027"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5217
Expires: Sun, 04 Dec 2022 15:54:32 GMT
Date: Sun, 04 Dec 2022 14:27:35 GMT
Connection: keep-alive
static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
172.64.162.38 200 OK 1.1 kB URL HTTP/2 static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
IP 172.64.162.38:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 4fa2beaeca8f598401f3ec6300cb860b
45634806ea1fa936c0e600b8b22f835600529b36
ef897a0bab353d84bf69ae3570347dea36236575a7b1bbd5992b8f256f856577
GET /n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 14:27:35 GMT
content-type: image/png
content-length: 1112
last-modified: Fri, 24 Apr 2020 13:59:43 GMT
accept-ranges: bytes
etag: "5ea2f0cf-458"
cache-control: max-age=86400
x-hw: 1670164055.cds250.lo4.h2,1670164055.cds216.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTBTCXSjKjA06Fs6kPxHFvp%2B7EycbAyCVoB3fYTSfM7h3QL%2Bbq8tqt%2BWQoDDAu5bRVP2QUh%2FfjrjpbDcASMyzjG7pvUvppAJaX9tE2aOMc0gCVWFqGaPeaGCbaL9yLG89tjxYSoBr5si3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 774539451cf00662-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ndandinter.hair/ZDAzb3AfEkAYLxFCX01KRlhHGwAXChxABxNHBVxeAFFFBgMLXlEOAg9VQUEAFl8cDh1JQEYcGElTQxxeDkMMHwUNVA5bSVYHC1hIQlNfBhMPWVdSRF0CBFdHXG8CW0JVBwBWVgVcXw1NDERHHwNBA3JKQiIVASkXDURfDhJKU1wCVVZ2Zx0RAlFfDAIFVkdKQiJRXRsZNlVXHAQLXlYsHAtTWEpCIh0WXTYWVV8KERdVQEpCIgEdWl5UFlwNTQxERx8DQQNySkIiFQEpBxNHBlpeAFFFBgMLXlEOAg9VQUEAFl8WXTYURUAHAgFUWh0VB0QWXTZBA3UbHRQVACtBQQIFARUQR1wdG0EDd1xVVgZaAANBA3dfVVYGQAYEARUAKxEAVl8WVVYGUEpDIAIWXUYUQFpKQyAECl1HXAcLSkJSQFAGVVd0BVZGVgQCXkVUBxZdRhAVACtBUgcDXkZXCQtdVVYGVwoDEBUAKxgQREMcVVYFAC5VVgUBKVVWBQEpFw1EXw4SSlNcAlVWBQEpJBZRVQ4cB0JSCQRBAgZdNgVeRwYiAVRAGx8KVXADHwdbFl1FVnYeSkJRAnUdFQhVUhwVFxUBWkIiAR1aXlQWUAMSWVhHGwAXFQAuVVZ2Fl02E0dEWkVKVFIZGRdfXQ0RFltWHV4UQlxKQiJARhwYFlVXBgIBU0dKQiIVACkECUAWXDRWFQFZHgFERAACDxUAK0NBAgUGHxcVACtAQQIFHBkQVRZcNAVUVQMJQQIFDFVXdAFKQlJAQwZVV3QHVkJTCARXVVYGQwwZQQN3WUlSAgdeQVEABEpCUkQWXDRVBgRfQVIDCldCQQIFCxUXRBZcNAxERx8DQQIGXDFBAgZdNkECBl02A1lHAxEGHlAAHUECBl02MEJSCREIU0EOFhAVAVpCIlFdGxk2VVccBAteViwcC1NYSkJRAnVCVVYFASkCAVxWDgMBQxZdRVZ2AkFFSgAVDgMGDVsbBBRDFlwxQQJ1SkIiV1obHAVSHQwfCRUBKSQWUVUOHAdCUgkEQQJ1Dh4QWWEKFBdEXAEVJ1xcDBtBAnVCVVZ2QQocAVFACgNBAnVeXlEeA01cRkNeCVJeAR9NAwlGEVVSUB4ATVxGRFIILw1UEVVSXAELXUhSEh9NAxFSbAYUVRIJTURdAgRXR1wSH00DEVJsBhRWEglNRF0CBFdHXG8CW0JVBwBWUkgSUgMcBhIJTRgQREMcSksfVAYECFFRQRMLXRw7AgVWUgMTFlFVG18FXkcGIgFUQBsfClVwAx8HWxxCXxZVXwoRF1VAQEFKBR1fUkgSXA1SXhJbGwQUQwlAXxNHRFpFSlRSGRkXX10NERZbVh1eFEJcQAARQ1sdFQBZQQoTEB8MGx0UDQJJHgFERAACDw0ASRkLQw5fVhdZRwpNBVRVAwlCUw5dVhRAWlJEXQIEV0dcFkMMGVkGCllCUAECWkBTFkdSQVIHA15GVwkLXVYAVUAbTQxERx8DQQNySkIiFQEpFw1EXw4SSlNcAlVWdmcdEQJRXwwCBVZHSkIiUV0bGTZVVxwEC15WLBwLU1hKQiIdFl02FlVfChEXVUBKQiIBHVpeVBIfTRMIUhFVUgxERx8DXh8cGAcTBQZBFAVGWhwfClJSHRsBQh0fAgsfQxoDDEJWCxkWVVAbX1tEXh9NVhZdCgQTX0EETVcWWgADWQAVHBkQVQ4OFAJcSkkTWQIVHwANDQdWQlMIBFdWFFNaUkZdBgFbQVUFA1hWEA0CWUdUAQVcSVwCFQsVF0QOBwQQQEBKQyUVASlVVnZUBgQIUVFBEwtdFl02MEJSCREIU0EOFhAVASkRCkRaPRUAQ0cAHgFzXwATDxUBKV1BAnUdFQhVUhwVFxUBKUFKBR1fUkgSUhwSRgoRBwQQQEBVX0tXWhscBVIdDB8JH2cdEQJRXwwCBVZHQBEKRFo9FQBDRwAeAXNfABMPHx5AAgFcVg4DAUMc
Xl5RHgNNDQ
54.162.51.18502 Bad Gateway 0 B URL HTTP/2 ndandinter.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
IP 54.162.51.18:0
GET 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 HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www63.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 502 Bad Gateway
set-cookie: 24e86b444149bfad0b9450c263c74b14=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www63.davisonbarker.pro/
Origin: https://www63.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 04 Dec 2022 14:27:30 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www63.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 5092
last-modified: Sun, 04 Dec 2022 13:02:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uoa3ZMf1p17MXPs3xjBRTbd6iO%2FRXYynvThfJvrBM%2BHnTZNo86rXSiCl%2FQDH3zXUoJRq8fzggmFRWiMrrniZBXEyErtkWWp%2FLX5rG8H%2BBKiqHezUu80wKnTRPKeT6RU8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 774539206f79775b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ndandinter.hair/MDFDR0ZLEzAwGUVDL2V8Elk3MzZDC2xoMUdGdnNoVFA1LjVfXyEmNFtUMWk2Ql5sJisdQTY0Lh1SMzRoWkJ8NzNZVX5zfwIGe3B%2BFlIvLiVbWCd6cgkDdH9xCG56cXEJBXNwYFFdLyV7WEU3NzUVAgJidHYUcQEhWUUvJiQeUiwqYwJ3FzUnVlAvJDRRVzdidHZQLTMvYlQnNDJfXyYEKl9SKGJ0dhxmdQBCVC8iJ0NUMGJ0dgBtcmgAFywle1hFNzc1FQICYnR2FHEBMUdGdnRoVFA1LjVfXyEmNFtUMWk2Ql5mdQBARDAvNFVVKjUjU0VmdQAVAgUzK0AUcAN3FQN1KSNERiw1LRUCB3RjAgcqKDUVAgd3YwIHMC4yVRRwAydUVy8%2BYwIHIGJ1dAJmdXBAQSpidXQFenVxCAZ7YnQGQSAuYwN1dX5wAgVydnMABmZ1cEQUcAN3BgZzdnADCHt1YwIHJyI1RBRwAy5ERTM0YwIEcAZjAgRxAWMCBHEBIVlFLyYkHlIsKmMCBHEBEkJQJSYqU0MiITIVA3Z1AFFfNy4UVVUwMyleVAArKVNaZnVzAnduYnQFAwU1I1xUIjQjQxRxcnR2AG1yaAAXICskDVk3MzZDFHAGYwJ3ZnUAR0Y0cnUeVSIxL0NeLSUnQlomNWhAQyxidHZBNjQuQlQnLjRVUjdidHYUcAEyXUFmdAICFHFxKFVFNCg0WxRwA3UVA3UuKUMUcAN2FQN1NC9EVGZ0AlFVJSs%2FFQN1JGMDdXBidAZBMy5jA3V3fnQHCXR%2FYwIHMyQvFQIHcX8GA3d2dwUBdGJ0BkVmdAIBB3R3dwYCen90FQN1IyNDRWZ0AlhFNzc1FQN2dAcVA3Z1ABUDdnUAV1g3KydSHyAoKxUDdnUAZEMiISdcUjEmIEQUcXJ0dlAtMy9iVCc0Ml9fJgQqX1IoYnQFAwVqYwIEcQE0VV0mJjVVQmZ1cwJ3cmlzHgFlJjVSDCszMkBCZnQHFQMFYnR2ViozKlFTbSQpXRRxARJCUCUmKlNDIiEyFQMFJihEWBEiIkNFLCkjc10sJC0VAwVqYwJ3MSIqVVAwIjUVAwV2aAUfc2VqEkIuIWQKAG9lNV1HYX1kBB9wZWoSRSIgGVlVYX1kCAB7dX4GE29lNUVTHC4iARN5ZXIJA3R%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%2BdAcJdH9gQFIqenAJB3FzdwEEc3BgRAxycXEAAHV0fwgDZSMjQ0V%2BLzJEQTBidXEUcQFjAnckLjJcUCFpJV9cZnUAZEMiISdcUjEmIEQUcQEnXkUqFSNUQjcoKFVyLyglWxRxAWsVAwU1I1xUIjQjQxRxAXceBG13ZBwTIjQkEgthLzJEQTB9aR9WKjMqUVNtJCldHhc1J1ZQLyQ0UVc3aCdeRSoVI1RCNygoVXIvKCVbHm5oNFVdJiY1VUJsdmgFH3NlOw
54.162.51.18502 Bad Gateway 0 B URL HTTP/2 ndandinter.hair/MDFDR0ZLEzAwGUVDL2V8Elk3MzZDC2xoMUdGdnNoVFA1LjVfXyEmNFtUMWk2Ql5sJisdQTY0Lh1SMzRoWkJ8NzNZVX5zfwIGe3B%2BFlIvLiVbWCd6cgkDdH9xCG56cXEJBXNwYFFdLyV7WEU3NzUVAgJidHYUcQEhWUUvJiQeUiwqYwJ3FzUnVlAvJDRRVzdidHZQLTMvYlQnNDJfXyYEKl9SKGJ0dhxmdQBCVC8iJ0NUMGJ0dgBtcmgAFywle1hFNzc1FQICYnR2FHEBMUdGdnRoVFA1LjVfXyEmNFtUMWk2Ql5mdQBARDAvNFVVKjUjU0VmdQAVAgUzK0AUcAN3FQN1KSNERiw1LRUCB3RjAgcqKDUVAgd3YwIHMC4yVRRwAydUVy8%2BYwIHIGJ1dAJmdXBAQSpidXQFenVxCAZ7YnQGQSAuYwN1dX5wAgVydnMABmZ1cEQUcAN3BgZzdnADCHt1YwIHJyI1RBRwAy5ERTM0YwIEcAZjAgRxAWMCBHEBIVlFLyYkHlIsKmMCBHEBEkJQJSYqU0MiITIVA3Z1AFFfNy4UVVUwMyleVAArKVNaZnVzAnduYnQFAwU1I1xUIjQjQxRxcnR2AG1yaAAXICskDVk3MzZDFHAGYwJ3ZnUAR0Y0cnUeVSIxL0NeLSUnQlomNWhAQyxidHZBNjQuQlQnLjRVUjdidHYUcAEyXUFmdAICFHFxKFVFNCg0WxRwA3UVA3UuKUMUcAN2FQN1NC9EVGZ0AlFVJSs%2FFQN1JGMDdXBidAZBMy5jA3V3fnQHCXR%2FYwIHMyQvFQIHcX8GA3d2dwUBdGJ0BkVmdAIBB3R3dwYCen90FQN1IyNDRWZ0AlhFNzc1FQN2dAcVA3Z1ABUDdnUAV1g3KydSHyAoKxUDdnUAZEMiISdcUjEmIEQUcXJ0dlAtMy9iVCc0Ml9fJgQqX1IoYnQFAwVqYwIEcQE0VV0mJjVVQmZ1cwJ3cmlzHgFlJjVSDCszMkBCZnQHFQMFYnR2ViozKlFTbSQpXRRxARJCUCUmKlNDIiEyFQMFJihEWBEiIkNFLCkjc10sJC0VAwVqYwJ3MSIqVVAwIjUVAwV2aAUfc2VqEkIuIWQKAG9lNV1HYX1kBB9wZWoSRSIgGVlVYX1kCAB7dX4GE29lNUVTHC4iARN5ZXIJA3R%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%2BdAcJdH9gQFIqenAJB3FzdwEEc3BgRAxycXEAAHV0fwgDZSMjQ0V%2BLzJEQTBidXEUcQFjAnckLjJcUCFpJV9cZnUAZEMiISdcUjEmIEQUcQEnXkUqFSNUQjcoKFVyLyglWxRxAWsVAwU1I1xUIjQjQxRxAXceBG13ZBwTIjQkEgthLzJEQTB9aR9WKjMqUVNtJCldHhc1J1ZQLyQ0UVc3aCdeRSoVI1RCNygoVXIvKCVbHm5oNFVdJiY1VUJsdmgFH3NlOw
IP 54.162.51.18:0
GET /MDFDR0ZLEzAwGUVDL2V8Elk3MzZDC2xoMUdGdnNoVFA1LjVfXyEmNFtUMWk2Ql5sJisdQTY0Lh1SMzRoWkJ8NzNZVX5zfwIGe3B%2BFlIvLiVbWCd6cgkDdH9xCG56cXEJBXNwYFFdLyV7WEU3NzUVAgJidHYUcQEhWUUvJiQeUiwqYwJ3FzUnVlAvJDRRVzdidHZQLTMvYlQnNDJfXyYEKl9SKGJ0dhxmdQBCVC8iJ0NUMGJ0dgBtcmgAFywle1hFNzc1FQICYnR2FHEBMUdGdnRoVFA1LjVfXyEmNFtUMWk2Ql5mdQBARDAvNFVVKjUjU0VmdQAVAgUzK0AUcAN3FQN1KSNERiw1LRUCB3RjAgcqKDUVAgd3YwIHMC4yVRRwAydUVy8%2BYwIHIGJ1dAJmdXBAQSpidXQFenVxCAZ7YnQGQSAuYwN1dX5wAgVydnMABmZ1cEQUcAN3BgZzdnADCHt1YwIHJyI1RBRwAy5ERTM0YwIEcAZjAgRxAWMCBHEBIVlFLyYkHlIsKmMCBHEBEkJQJSYqU0MiITIVA3Z1AFFfNy4UVVUwMyleVAArKVNaZnVzAnduYnQFAwU1I1xUIjQjQxRxcnR2AG1yaAAXICskDVk3MzZDFHAGYwJ3ZnUAR0Y0cnUeVSIxL0NeLSUnQlomNWhAQyxidHZBNjQuQlQnLjRVUjdidHYUcAEyXUFmdAICFHFxKFVFNCg0WxRwA3UVA3UuKUMUcAN2FQN1NC9EVGZ0AlFVJSs%2FFQN1JGMDdXBidAZBMy5jA3V3fnQHCXR%2FYwIHMyQvFQIHcX8GA3d2dwUBdGJ0BkVmdAIBB3R3dwYCen90FQN1IyNDRWZ0AlhFNzc1FQN2dAcVA3Z1ABUDdnUAV1g3KydSHyAoKxUDdnUAZEMiISdcUjEmIEQUcXJ0dlAtMy9iVCc0Ml9fJgQqX1IoYnQFAwVqYwIEcQE0VV0mJjVVQmZ1cwJ3cmlzHgFlJjVSDCszMkBCZnQHFQMFYnR2ViozKlFTbSQpXRRxARJCUCUmKlNDIiEyFQMFJihEWBEiIkNFLCkjc10sJC0VAwVqYwJ3MSIqVVAwIjUVAwV2aAUfc2VqEkIuIWQKAG9lNV1HYX1kBB9wZWoSRSIgGVlVYX1kCAB7dX4GE29lNUVTHC4iARN5ZXIJA3R%2FcQgTb2U1RVMcLiICE3llcgkDdH9xCG56cXEJBXNwZBwTIisqUhN5ZS5ERTM0fB8eJC4yXFAhaSVfXGwTNFFXIislQlAlM2lRXzcuFFVVMDMpXlQAKylTWmxqaUJULyInQ1QwaHceBG13ZBwTLCVkChMrMzJAQnloaUdGNHJ1HlUiMS9DXi0lJ0JaJjVoQEMsaDZFQis1I1RYMSIlRB58MytADHJhKFVFNCg0WwxwYS9fQn53YENYNyJ7UVUlKz8WUn50YEBBKnpyCQN0f3EIFzMkLw0HenF0BABycnYHFzd6dwYGc3ZwAwh7dWBUVDAze1hFNzc1FQICYnR2FHEBIVlFLyYkHlIsKmMCdxc1J1ZQLyQ0UVc3YnR2UC0zL2JUJzQyX18mBCpfUihidHYcZnUAQlQvIidDVDBidHYAbXJoABNvZSVcU2F9ZFhFNzc1Ch5sMDFHBHBpIlFHKjQpXlMiNS1VQ203NF8eMzI1WEMmIy9CVCAzaQ9FLjd7AhctIjJHXjEsewMXKig1DQFlNC9EVH4mIlZdOmElDQJlNzZZDHd%2BdAcJdH9gQFIqenAJB3FzdwEEc3BgRAxycXEAAHV0fwgDZSMjQ0V%2BLzJEQTBidXEUcQFjAnckLjJcUCFpJV9cZnUAZEMiISdcUjEmIEQUcQEnXkUqFSNUQjcoKFVyLyglWxRxAWsVAwU1I1xUIjQjQxRxAXceBG13ZBwTIjQkEgthLzJEQTB9aR9WKjMqUVNtJCldHhc1J1ZQLyQ0UVc3aCdeRSoVI1RCNygoVXIvKCVbHm5oNFVdJiY1V
UJsdmgFH3NlOw HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www54.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 502 Bad Gateway
set-cookie: 6163623cb49f29b2c10d3f25c4166395=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
X-Firefox-Spdy: h2
ndandinter.hair/RWJPWjceQHdrD3daeXgbZ1Z2aAB9VXd4G2dWdmgAfVV3BQ5zVXZuB3JAY3gBIFUtaFF3W2I%2EVSBaYm4OdFViY1VyVmJiAyEGd2JRdVV2OwdnTm0pQGdObTRTJAwrM1kxBz10XyQLPXgbZ1N%2EdAVnTik7WzYHYzxWKREqdlEkDjw%2Eag
54.162.51.18 200 OK 0 B URL HTTP/2 ndandinter.hair/RWJPWjceQHdrD3daeXgbZ1Z2aAB9VXd4G2dWdmgAfVV3BQ5zVXZuB3JAY3gBIFUtaFF3W2I%2EVSBaYm4OdFViY1VyVmJiAyEGd2JRdVV2OwdnTm0pQGdObTRTJAwrM1kxBz10XyQLPXgbZ1N%2EdAVnTik7WzYHYzxWKREqdlEkDjw%2Eag
IP 54.162.51.18:0
GET /RWJPWjceQHdrD3daeXgbZ1Z2aAB9VXd4G2dWdmgAfVV3BQ5zVXZuB3JAY3gBIFUtaFF3W2I%2EVSBaYm4OdFViY1VyVmJiAyEGd2JRdVV2OwdnTm0pQGdObTRTJAwrM1kxBz10XyQLPXgbZ1N%2EdAVnTik7WzYHYzxWKREqdlEkDjw%2Eag HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www54.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 93f728386fc59ca8dfe0edde48017404=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8007-5m7hJDC7EBiG4DV/dXrYx8E8lnE"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2